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CLAIMS 

1 . A computer network comprising : 

a multiport network device to receive data packets to be transmitted using the 
computer network, the network device storing one or more authorized network descriptors; 
and 

a computer executing a software application, the software application generating data 
packets to be transmitted to the computer network through the network device, the software 
application registering a network rights descriptor with the network device, the software 
application inserting the network rights descriptor in each generated data packet; 

wherein the network device is configured to discard the data packet if the network 
rights descriptor in the data packet does not match an authorized network rights descriptor, 
and to process the data packet if the network rights descriptor in the data packet matches an 
authorized network rights descriptor. 

2. The computer network of claim 1 , wherein: 

the one or more authorized network descriptors are stored persistently in the network 

device. 

3 . The computer network of claim 1 , wherein: 

the one or more authorized network descriptors are stored in a device connected to the 
computer network, and the network device is configured to retrieve the authorized network 
descriptors from the device. 

4. The computer network of claim 1 , wherein: 

the network device is configured to retrieve the authorized network descriptors from 
an authentication server. 
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5. The computer network of claim 1 , wherein: 

the network device stores one or more user defined packet policies, and is configured 
to perform an action from a user defined packet policy that matches the network rights 
descriptor. 

6. The computer network of claim 1 , wherein: 

the network device is configured to route the data packet using a layer 2-3 switch. 

7. The computer network of claim 1 , wherein: 

the network rights descriptor comprises an application rights descriptor, a content 
rights descriptor, and an enterprise rights descriptor. 

8. The computer network of claim 1, wherein: 
the network rights descriptor is encrypted. 

9. The computer network of claim 1 , wherein: 

the network device is configured to process the data packet at wire-speed. 

10. The computer network of claim 1 , wherein: 

the network device is configured to block discarded data packets from utilizing the 
computer network, redirect discarded data packets, and log discarded data packets. 
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11. A computer network comprising: 

a first multiport network device to receive data packets to be transmitted using the 
computer network, the first network device inserting a local network descriptor in each data 
packet transmitted by the first network device; 

a second network device to receive data packets from the computer network, the 
second network device storing one or more authorized local network descriptors; 

wherein the second network device is configured to discard the data packet if the local 
network descriptor in the data packet does not match an authorized local network descriptor, 
and to process the data packet if the local network descriptor in the data packet matches an 
authorized local network descriptor. 

12. The computer network of claim 1 1 , wherein: 

the one or more authorized network descriptors are stored persistently in the second 
network device. 

1 3 . The computer network of claim 1 1 , wherein: 

the one or more authorized network descriptors are stored in a device connected to the 
computer network, and the second network device is configured to retrieve the authorized 
network descriptors from the device. 

14. The computer network of claim 1 1, wherein: 

the second network device is configured to retrieve the authorized network descriptors 
from an authentication server. 

15. The computer network of claim 1 1 , wherein the second network device stores one or 
more user defined packet policies, and is configured to perform an action from a user defined 
packet policy that matches the network rights descriptor. 

1 6. The computer network of claim 1 1 , wherein: 

the second network device is configured to route the data packet using a layer 2-3 

switch. 
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1 7. The computer network of claim 1 1 , wherein: 
the network rights descriptor is encrypted. 

1 8. The computer network of claim 1 1 , wherein: 

the first network device is configured to process the data packet at wire-speed. 

1 9. The computer network of claim 1 1 , wherein: 

the second network device is configured to process the data packet at wire-speed. 

20. The computer network of claim 1 1 , wherein: 

the second network device is configured to block discarded data packets from 
utilizing the computer network, redirect discarded data packets, and log discarded data 
packets. 

2 1 . The computer network of claim 1 1 , wherein the second network device is configured 
to strip the local network descriptor before processing the data packet, if the data packet has a 
destination external to the computer network. 
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22. A method for processing data packets in a computer network, comprising: 

storing one or more authorized network descriptors at a multiport network device; 
generating data packets at a software application, the data packets to be transmitted to 

the computer network through the network device; 

inserting a network rights descriptor in each generated data packet with the software 

application; 

receiving input at the network device identifying the network rights descriptor as an 
authorized network rights descriptor; 

receiving a data packet at the network device, the data packet including information 
from one or more of Layers 2 through 7 of the OSI model; 

if the network rights descriptor in the data packet matches an authorized network 
rights descriptor, processing the data packet at the network device; and 

if the network rights descriptor in the data packet does not match an authorized 
network rights descriptor, discarding the data packet. 
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